mxrider_420
asked on
Sonicwall or Juniper?
I am looking for a prelogon VPN 2-factor SSL-VPN i have narrowed it down for my SMB to Sonicwall or Juniper Networks. Anyone with experiennce with both? I am looking to make a good decision. We need a prelogon GINA so that we arent using cached credentials for logon and GPO settings. Please let me know what is best for a SMB with a $2200 budget for this appliance.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
deimark:
does the SA 700 do the same things you were speaking about? I can get that for $1400 and thats cheaper than we were going to be spending and to be honest we wouldnt have more than 10 users concurrent at anyone time anyways. I liek the sound of Juniper and Sonicwall now too, as i havent used either, so if it comes down to price i will make a decision on that if both featuresets are the same. Doyou know if the Juniper SA700 would do these features you sopke about?
does the SA 700 do the same things you were speaking about? I can get that for $1400 and thats cheaper than we were going to be spending and to be honest we wouldnt have more than 10 users concurrent at anyone time anyways. I liek the sound of Juniper and Sonicwall now too, as i havent used either, so if it comes down to price i will make a decision on that if both featuresets are the same. Doyou know if the Juniper SA700 would do these features you sopke about?
Sadly, the SA700 does not have all the functionality of the rest of the range, and this has been mentioned to Juniper several times, but what the SA700 does offer is:
* Core web access, ie all web bookmarks, file shares etc
* Network Connect, gives full SSL VPN functionality
The rest of the range have both of those, plus secure meeting (think webex tool or gotomeeting) and Secure Application Manager, which can secure all your remote apps etc.
I have uploaded 2 datasheets which gives you more info to compare.
Personally, I think the SA700 is a cut down version of a very good product, but if the standard web access and network connect is all you need then go for it.
If I had the money, I would definitely go for the SA2500 as a minimum. As I said you get a lot more for your pennies.
Let me know if you need anything else on this.
DM
SA700-Datasheet.pdf
SA2500-4500-6500.pdf
* Core web access, ie all web bookmarks, file shares etc
* Network Connect, gives full SSL VPN functionality
The rest of the range have both of those, plus secure meeting (think webex tool or gotomeeting) and Secure Application Manager, which can secure all your remote apps etc.
I have uploaded 2 datasheets which gives you more info to compare.
Personally, I think the SA700 is a cut down version of a very good product, but if the standard web access and network connect is all you need then go for it.
If I had the money, I would definitely go for the SA2500 as a minimum. As I said you get a lot more for your pennies.
Let me know if you need anything else on this.
DM
SA700-Datasheet.pdf
SA2500-4500-6500.pdf
ASKER
"If I had the money, I would definitely go for the SA2500 as a minimum. As I said you get a lot more for your pennies."
---- Did you mean the 2000 Base Unit?
---- Did you mean the 2000 Base Unit?
ASKER
I am bidding on this on emay ---
SA2000 Juniper Networks Secure Access 2000 Base System Item number: ITEM# 250309444825
----
does this have all the bells and whistles you speak of?
thanks
SA2000 Juniper Networks Secure Access 2000 Base System Item number: ITEM# 250309444825
----
does this have all the bells and whistles you speak of?
thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
For technical specs tho, the SA25000 is almost exactly the same, but the 2500 has newer hardware and all the newer versions of IVEOS will be written for the x500 series.
HTH
HTH
ASKER
thanks for the help.
what is IVEOS?
and do you think that id need anything greater with only 10 concurrent users?
what is IVEOS?
and do you think that id need anything greater with only 10 concurrent users?
ASKER
This Expert was great, really well spoken and clear in his messages were clear and concise
I would trial a SonicWALL ssl VPN 200 - juniper is NOT the best ssl solution out there, Aventail is - which of course is the ssl VPN 200's big expensive brother!
@ VCBooth.
I am sorry you disagree with me here, but I am not just giving my own opinion. However, please feel free to provide any documents you have that show the Sonicwall as a market leader, I am genuinely interested in this.
I support a great many vendors at the highest levels and have access to quite a lot of the high end products and also the world rankings of these products.
Sonicwall may indeed be a great product, but according to the Gartner charts, Juniper is at the top.
Sadly, I don't have access to teh current standing, but the link below shows sonicwall as very good, but Juniper leads;
http://mediaproducts.gartner.com/reprints/sonicwall/article1/article1.html
As for the IVE OS, its the software/operating system that runs on the SA series kit.
If you are only looking for protection of 10 users, then Juniper may be overkill. It is indeed a question "different horses for different courses"
HTH
I am sorry you disagree with me here, but I am not just giving my own opinion. However, please feel free to provide any documents you have that show the Sonicwall as a market leader, I am genuinely interested in this.
I support a great many vendors at the highest levels and have access to quite a lot of the high end products and also the world rankings of these products.
Sonicwall may indeed be a great product, but according to the Gartner charts, Juniper is at the top.
Sadly, I don't have access to teh current standing, but the link below shows sonicwall as very good, but Juniper leads;
http://mediaproducts.gartner.com/reprints/sonicwall/article1/article1.html
As for the IVE OS, its the software/operating system that runs on the SA series kit.
If you are only looking for protection of 10 users, then Juniper may be overkill. It is indeed a question "different horses for different courses"
HTH
ASKER
Well we have 50 in the office, but i truly cant forsee anymore than 10 being on at one time, perhaps froma confrence or something like that. But yea overkill is good as long as it is easy to configure. If i end up purchasing a Juniper kit is it easy to configure with a web GUI? I have my CCNA and have done router / appliance CLI configurations before and hate it. If it doesnt have a easy to naviae GUI than id like to look atother poducts.
A reasonably technical person can set up an SA appliance. If you manage to get the SA 2000 on ebay, that will do the deed for you and your company for a couple of years.
Juniper SA can sem a little complicated at first when setting them up as they user authentication realms to link in with Auth servers, form that user roles are determined (including host checker etc) and then you add bookmarks to the roles web page. But with this type of set up, you have a great deal of control over what you can allow/deny to users.
If all you need is basic web access to intranet sites, outlook web access and perhaps network connect (full VPN connectivity), then the Juniper may be overkill. But I have seen these devices set up in small businesses like your own and its a perfect fit.
Juniper SA can sem a little complicated at first when setting them up as they user authentication realms to link in with Auth servers, form that user roles are determined (including host checker etc) and then you add bookmarks to the roles web page. But with this type of set up, you have a great deal of control over what you can allow/deny to users.
If all you need is basic web access to intranet sites, outlook web access and perhaps network connect (full VPN connectivity), then the Juniper may be overkill. But I have seen these devices set up in small businesses like your own and its a perfect fit.
ASKER
so basically all these configurations are done via a web GUI? I read thah link you posted it seems like they are the best bang for the buck. DO they also havd a fat client that sits on the machine in the task bar too s o that remote users can right click and go "connect" and be logged into the network?
Hehe, you are thorough. :D
The SA is managed via a web gui.
The clients are as close as you can get to clientless technology (ie you still have to download either a java or activex component for the application manager stuff to work. All can be removed from the client at the end of the session.
The net work connect component (full VPN) does included a download that runs in the system tray, but this is for monitoring the connection. It can be configured to get removed when the connection is terminated.
The NC component is loaded when the user signs into the SA web portal and then clicks on the NC connect button.
If you get an SA box, and it doesn't come with a full admin guide, use this one (its 7MB so cant upload it here)
www.deimark.net/6.3-IVEAdminGuide.pdf
This is for the latest version of the IVE at 6.3 but most features are fairly similar through the versions.
The SA is managed via a web gui.
The clients are as close as you can get to clientless technology (ie you still have to download either a java or activex component for the application manager stuff to work. All can be removed from the client at the end of the session.
The net work connect component (full VPN) does included a download that runs in the system tray, but this is for monitoring the connection. It can be configured to get removed when the connection is terminated.
The NC component is loaded when the user signs into the SA web portal and then clicks on the NC connect button.
If you get an SA box, and it doesn't come with a full admin guide, use this one (its 7MB so cant upload it here)
www.deimark.net/6.3-IVEAdminGuide.pdf
This is for the latest version of the IVE at 6.3 but most features are fairly similar through the versions.
ASKER
Thanks for all your help, i appreciate the guidance. i have downloaded that manual too. I am not so worried about zero footprint. i mean thats great for some purposes, but as long as they have a client that can stay as you mentioned thats good too, just to make it easier for some of our staff to connect, rather than always having to go to the web portal. sounds like i got all i need. if this bid fails i will look else where. Perhaps if it does then ill look at the 2500 SA anything more is WAY overkill, sounds like it already is haha, ohh well can never be too good.
Match with a SonicWALL box running Enhanced OS and you have Gateway AV, AS, Intrusion Detection & Prevention on the SSL-VPN traffic and also can perform NAT load balancing so you can have multiple SSL devices in a redudant situation.